CVE-2011-2457

2011-11-1116:55:01

CWE-119

adobe

web.nvd.nist.gov

cve-2011-2457

adobe flash player

buffer overflow

nvd

security vulnerability

arbitrary code execution

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

9.7

Confidence

High

EPSS

0.011

Percentile

84.3%

JSON

Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.

Affected configurations

Nvd

Node

adobeflash_playerRange10.0–10.3.183.11

adobeflash_playerRange11.0–11.1.102.55

AND

applemac_os_xMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

sunsolarisMatch-

Node

adobeflash_playerRange11.0–11.1.102.59

AND

googleandroidMatch-

Node

adobeadobe_airRange3.0–3.1.0.4880

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
sunsolaris-cpe:2.3:o:sun:solaris:-:*:*:*:*:*:*:*
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
adobeadobe_air*cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
apple	mac_os_x	-	cpe:2.3:o:apple:mac_os_x:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
sun	solaris	-	cpe:2.3:o:sun:solaris:-:::::::*
google	android	-	cpe:2.3:o:google:android:-:::::::*
adobe	adobe_air	*	cpe:2.3:a:adobe:adobe_air::::::::